# openssl req -new -key foo.bar.com.key -out foo.bar.com.csr
Using configuration from /usr/share/ssl/openssl.cnf
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:US
State or Province Name (full name) [Berkshire]:Florida
Locality Name (eg, city) [Newbury]:Deltona
Organization Name (eg, company) [My Company Ltd]:Widgets Inc,.
Organizational Unit Name (eg, section) []:Foo Division
Common Name (eg, your name or your server's hostname) []:foo.bar.com

IMPORTANT: The CN (Common Name) MUST match your actual published server name or the clients will get nasty security errors particularly in Firefox browsers.

Email Address []:admin@bar.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

Submit CSR to Endtrust, Verisign, Godaddy or some well known CA provider.

Later when the CA is supplied by the CA authority:

Open a web browser and go to the URL that appears in the confirmation
email you received from Entrust. Your certificates are displayed.
The Entrust Certificate Services web server certificate is in the
section named "Entrust Certificate Services web server certificate".